[Engineering] Wikitech Account Registration Re-Enabling May 2nd, 2019
Chase Pettet
cpettet at wikimedia.org
Wed May 1 20:23:18 UTC 2019
tl;dr: Tomorrow (May 2nd, 2019) is the planned turn on date for Wikitech
account registration (
https://gerrit.wikimedia.org/r/#/c/operations/mediawiki-config/+/507594/)
For the past few weeks Developer account registration has been disabled on
Wikitech. This was done in response to extreme vandalism and
sockpuppeting. We realized that our blocking mechanisms for bad actors was
insufficient. Because of this, a cross functional group of people have
been working on tasks outlined in "Minimum capabilities required before
re-enabling Wikitech account creation" [0] (apologies you need #security
access to see the details). Much of this work has been completed but the
group has agreed that rate-limiting capabilities for Gerrit can be deferred
to allow account creation to happen (in advance of the upcoming Wikimedia
Hackathon), and to avoid a rushed rollout.
There is a runbook outlining current best practice at
https://office.wikimedia.org/wiki/Security/LDAP which essentially says that
https://wikitech.wikimedia.org/wiki/Special:Block will now effect LDAP,
Gerrit, and Phabricator. Special:Block will disable and terminate the
existing sessions of users on Gerrit and Phabricator in addition to
preventing them from logging in. There are now also vandalism revert tools
in place for Phabricator [1] and Gerrit [2].
A lot of people have helped with this process, and we should be grateful to
all of them. Release Engineering and SRE in particular have pulled a lot
of the weight. John Bennett will have to lug an even bigger box of
thank-you-t-shirts to the next All Hands I suspect. We are not announcing
this publicly yet, but that should follow within a week or so if all goes
well. There is the potential that malicious acts start up again with this,
and we'll put our tools to the test if so.
- Chase on behalf of the T219830 worker bees
[0]. <https://phabricator.wikimedia.org/T219830>
[1]. <https://phabricator.wikimedia.org/T198283>
[2]. <
https://gerrit.wikimedia.org/g/operations/software/gerrit/tools/gervert>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/engineering/attachments/20190501/ad18bd7d/attachment.html>
More information about the Engineering
mailing list